XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939.
References
Configurations
History
21 Nov 2024, 02:28
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/132358/SAP-NetWeaver-Portal-7.31-XXE-Injection.html - | |
References | () http://seclists.org/fulldisclosure/2015/Jun/64 - | |
References | () http://www.securityfocus.com/archive/1/535827/100/800/threaded - | |
References | () http://www.securityfocus.com/bid/73691 - | |
References | () https://erpscan.io/advisories/erpscan-15-006-sap-netweaver-portal-reportxmlviewer-xxe/ - |
Information
Published : 2015-04-01 14:59
Updated : 2024-11-21 02:28
NVD link : CVE-2015-2811
Mitre link : CVE-2015-2811
CVE.ORG link : CVE-2015-2811
JSON object : View
Products Affected
sap
- netweaver_enterprise_portal
CWE